Legal

Privacy Policy

Current Persona legal information with document version and publication language.

Version: 1.0 Language: EN

PRIVACY POLICY
Persona Platform (persona.nu)

Last updated: 2026-03-28

This Privacy Policy explains how Persona collects, uses, stores, shares, and protects personal data when you access persona.nu and related services ("Persona", "Platform", "we").

Persona is an independent social network and messenger with a privacy-focused product direction. This Policy should be read together with the Terms of Service, Cookies Policy, Community Guidelines, Acceptable Use Policy, Copyright and IP Policy, Donation Policy, and other documents in the Legal Center.

1. SCOPE AND CONTROLLER

This Policy applies to public pages, registered accounts, messaging features, profiles, feeds, uploads, donations, moderation flows, support contacts, and other services made available through Persona.

For purposes of applicable data-protection law, the operator of Persona in Norway acts as the controller for personal data processed through the Platform, except where another role is clearly stated for a specific service or legal process.

2. CATEGORIES OF DATA WE MAY PROCESS

Depending on how you use Persona, we may process categories such as:

- account data, including e-mail address, username, display name, password hashes, legal-acceptance logs, and account status information;
- profile and social data, including profile text, avatar, contacts, follows, friends, blocks, preferences, and visibility settings;
- content and communication data, including posts, comments, reactions, messages, uploads, attachments, reports, and support requests;
- device and technical data, including IP addresses, browser or app version, device identifiers, push tokens, security logs, and approximate technical diagnostics;
- payment- or donation-related data received from third-party providers, such as payment status, amount, currency, and reference identifiers, but not full payment-card numbers;
- compliance and safety data, including abuse reports, moderation signals, fraud-prevention data, suspicious-login indicators, and records required for security or legal compliance.

We do not intentionally ask users to provide special categories of personal data. If you choose to publish or send such information through the Platform, you are responsible for that choice.

3. HOW DATA IS COLLECTED

We collect data:

- directly from you when you register, edit your profile, send messages, upload content, make a donation, contact support, or interact with the Platform;
- automatically when you use the website or apps, including through logs, security events, cookies, local storage, and similar technologies;
- from other users when they mention you, invite you, report content, send you messages, or interact with your profile or content;
- from service providers and infrastructure partners who help us operate sign-in, hosting, delivery, anti-abuse, donations, e-mail, push notifications, or similar functions.

4. PURPOSES OF PROCESSING

We may process personal data to:

- create and maintain accounts;
- operate messaging, feeds, profiles, search, uploads, donations, and other core product functions;
- provide security features, detect abuse, investigate incidents, and protect users, Persona, and the service;
- personalize language, theme, device sessions, and technical preferences;
- communicate about account, legal, safety, moderation, service, or support matters;
- comply with legal obligations, respond to lawful requests, and defend legal claims;
- improve reliability, performance, debugging, and product quality;
- send optional promotional or informational messages only where an appropriate legal basis exists.

5. LEGAL BASES

Where GDPR or similar rules apply, Persona may rely on one or more of the following legal bases:

- performance of a contract or steps taken at your request before providing the service;
- legitimate interests in operating, securing, improving, and defending the Platform;
- compliance with legal obligations;
- consent, where consent is required or chosen as the appropriate basis.

If a specific processing activity depends on consent, you may withdraw that consent at any time, but this will not affect processing already carried out before withdrawal.

6. VISIBILITY OF PROFILES, POSTS, AND MESSAGES

Persona includes social and messaging features. Some information is intentionally visible to other users depending on your settings and the product feature involved.

For example, profile details, usernames, public posts, comments, reactions, social graph signals, and similar content may be visible to other users or, in some cases, to visitors. Private or limited-audience features may still generate technical metadata such as sender, recipient, timestamps, delivery status, or abuse-prevention signals.

If certain messaging flows use end-to-end encryption or additional security layers, Persona may still process related account, device, routing, delivery, or safety metadata needed to operate the service.

7. SECURITY, MODERATION, AND ABUSE PREVENTION

We may process personal data to authenticate users, maintain sessions, detect suspicious behavior, enforce limits, investigate abuse, respond to reports, prevent spam or fraud, and protect the integrity of Persona.

This may include logs, rate-limit events, device or network indicators, block lists, moderation reports, and records of policy enforcement. Some decisions may involve automated rules, risk scoring, or prioritization, but important enforcement may also involve human review.

8. COOKIES AND SIMILAR TECHNOLOGIES

Persona uses cookies, local storage, and similar technologies for session continuity, sign-in, security, language, theme, preferences, performance, and technical diagnostics.

More detail is provided in the Cookies Policy. Blocking essential cookies or storage may prevent login or core functionality from working correctly.

9. SHARING WITH PROCESSORS, PROVIDERS, AND AUTHORITIES

We may share personal data with:

- hosting, infrastructure, delivery, e-mail, anti-abuse, analytics, customer-support, or security providers acting on our behalf;
- payment or donation providers when needed to process a donation flow or verify payment status;
- law enforcement, regulators, courts, or other authorities where legally required;
- professional advisers or counterparties where reasonably necessary to establish, exercise, or defend legal claims, protect users, or safeguard the Platform.

Persona does not sell personal data to third parties.

10. INTERNATIONAL PROCESSING AND STORAGE

Persona is operated from Norway and may use service providers located within Norway, the EEA, or other jurisdictions depending on the technical stack and provider availability.

Where cross-border transfers occur, Persona aims to use appropriate safeguards where required by applicable law.

11. RETENTION AND DELETION

We retain personal data for as long as reasonably necessary for the purposes described in this Policy, including operation of the service, security, moderation, backups, legal compliance, dispute handling, and defense of legal claims.

Retention may vary depending on the type of data, whether an account remains active, whether content was reported or removed, whether a donation or legal request is involved, and whether the law requires longer storage.

When data is no longer reasonably needed, Persona may delete, anonymize, or securely reduce it, subject to technical, legal, and operational constraints.

12. YOUR RIGHTS

Subject to applicable law, you may have the right to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent for certain processing activities.

You may also have the right to complain to the Norwegian Data Protection Authority (Datatilsynet) or another competent supervisory authority.

Some requests may be limited where Persona must retain data for security, legal compliance, prevention of abuse, freedom of expression, or the establishment, exercise, or defense of legal claims.

13. CHILDREN AND AGE LIMITS

Persona is not intended for children under the applicable minimum age stated in our legal documents or local law. If we believe an account is used in violation of applicable age rules, we may restrict or remove the account and related data.

Certain features may be limited by age, geography, product risk, or legal requirements.

14. AI, AUTOMATION, AND ANALYTICS

Persona may use automated systems, security tooling, analytics, moderation aids, ranking logic, spam detection, translation support, or other machine-assisted processes to operate and improve the service.

Automated tools can be imperfect and may produce inaccurate or incomplete results. Persona may combine automated signals with human review where appropriate.

Private messages are not used to train general-purpose AI models. However, technical metadata, safety signals, reports, and limited service data may be processed for security, abuse prevention, diagnostics, or feature improvement consistent with this Policy.

15. CHANGES AND CONTACT

Persona may update this Privacy Policy from time to time. The current version will be published in the Legal Center, and continued use of the Platform after publication may constitute acceptance of the updated version to the extent permitted by law.

Privacy-related questions or requests may be sent to [email protected]. Contacting Persona does not create contractual obligations and does not guarantee a response within a specific time.